A host group is a collection of hosts. After a host group is authorized for a user, the user can control all hosts and authorized accounts in this host group. This topic describes how to authorize host groups and their accounts by user. This topic also describes how to maintain these host groups and accounts.

Authorize host groups

To authorize host groups for a user, follow these steps:

  1. Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
  2. In the left-side navigation pane, click Users > Users.
  3. Find the target user and click Authorize Host Groups in the Actions column.
    Authorize host groups for a user (1)
  4. On the Authorized Host Groups tab that appears, click Authorize Host Groups.
    Authorize host groups for a user (2)
  5. In the Authorize Host Groups pane that appears, select one or more host groups that you want to authorize for the user to maintain and click OK.

Remove authorized host groups

If a user does not need to maintain certain host groups, follow these steps to remove the authorized host groups to achieve the principle of least privilege:

  1. Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
  2. In the left-side navigation pane, click Users > Users.
  3. Find the target user and click Authorize Host Groups in the Actions column.
    Authorize host groups for a user (1)
  4. On the Authorized Host Groups tab that appears, select the authorized host groups that you want to remove and click Remove in the lower-left corner.
    Remove authorized host groups
  5. In the message that appears, click Remove.

Authorize the accounts of a single host group

To authorize the accounts of a single host group for a user, follow these steps:

  1. Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
  2. In the left-side navigation pane, click Users > Users.
  3. Find the target user and click Authorize Host Groups in the Actions column.
    Authorize host groups for a user (1)
  4. On the Authorized Host Groups tab that appears, find the target host group and click None. Authorize accounts in the Authorized Accounts column.
    Authorize the accounts of a single host group
    Note If you want to modify the authorized accounts, you can click the required account name in the Authorized Accounts column and specify Accounts.
  5. In the Select Accounts pane that appears, specify Accounts.Select Accounts pane
  6. Click Update.

Authorize the accounts of multiple host groups

To authorize the accounts of multiple host groups for a user at a time, follow these steps:

  1. Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
  2. In the left-side navigation pane, click Users > Users.
  3. Find the target user and click Authorize Host Groups in the Actions column.
    Authorize host groups for a user (1)
  4. On the Authorized Host Groups tab that appears, select the target host groups and select Batch Authorize Accounts from the Batch drop-down list.
    Authorize the accounts of multiple host groups
  5. In the Batch Authorize Accounts pane that appears, specify Accounts.
    Update authorized accounts
  6. Click Update.

Remove the authorized accounts of multiple host groups

To remove the authorized accounts of multiple host groups for a user at a time, follow these steps:

  1. Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
  2. In the left-side navigation pane, click Users > Users.
  3. Find the target user and click Authorize Host Groups in the Actions column.
    Authorize host groups for a user (1)
  4. On the Authorized Host Groups tab that appears, select the target host groups and select Batch Remove Authorized Accounts from the Batch drop-down list.
    Remove the authorized accounts of multiple host groups
  5. In the Batch Remove Authorized Accounts pane that appears, specify Accounts.
    Batch Remove Authorized Accounts pane
  6. Click Update.